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PAYMENT APPARATUS AND METHOD 

The present invention relates to payment apparatus and a method of payment. In one 
embodiment it finds application in point of sale transactions but is also useful and can be 
applied in other applications. 

Currently when customers want to purchase goods and/or services from a store or other 
provider they usually pay by one of three ways, namely cash, cheque, and a card such as a 
debit, credit, switch or store card. These systems for payment tend to be slow and 
cumbersome and/or to create significant security issues. If the customer pays by cash, 
he/she must withdraw the cash from a bank or automatic teller machine (ATM) and carry 
it until purchases are made, placing the customer at risk of theft. Also merchants must 
carry sufficient cash float to give change on transactions. Cheques are slow to write and 
usually have to be supported with a card. Cards themselves are often stolen and relatively 
insecure, having only four digit PIN (Personal Identification Number) protection which is 
not used for example in the UK. 



In an attempt to improve security, credit and debit cards for example are being embedded 
with chips in place of or in addition to the common magnetic strip currently used. When 
20 using these chip cards, all face-to-face transactions will need to be authorised by keying 
in a PIN. The chip system provides greater functionality and improved security against 
fraudulent usage. However, it has the effect of slowing down the payment process. 

In a press release published in 2002, Vodafone and T-Mobile announced a payment 
25 system for the purchase of goods and services using mobile phones and an interoperable 
payments platform. Consumers would store financial data such as their credit card or 
bank account numbers on their mobile phones and press a button when ready to pay. 
However, such a system remains vulnerable to theft and fraud firstly because the mobile 
phone itself is vulnerable and secondly because the financial data has to be transmitted 
30 between phone and platform to enable payment and that is inherently vulnerable unless 
well-protected for example by encryption. 

The opportunities in the supermarket sector in the UK currently represent some of the 
most compelling opportunities in retail and brand loyalty. Yet, apart from establishing a 
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presence in personal banking, no real penetration has taken place. Further, whilst various 
individual types of transactions exist, up until the present there has been no technology 
available to integrate the various shopping propositions. 

At present there is a bewildering set of transactions which can take place in a 
supermarket. At the entrance, cash is available from the ATM but this is supplied by a 
third party who is often a competing bank. Sometimes, the ATM is located in a mini- 
branch of that competing bank. Inside the supermarket, some supermarkets provide hand- 
held scanners, which enable the self-scanning of goods as the customer collects them and 
totals the prices to provide a form of express checkout and payment. More 
conventionally, scanners might be provided at the entrance. By whatever method the total 
is calculated, the customer might then pay using either cash or a debit, credit, switch or 
store card. 



15 According to a first embodiment of the present invention, there is provided payment 
apparatus for use in authorised transactions, the apparatus comprising: 

i) at least one client device provided with an input for communicating with one or 
more mobile devices; and 

ii) at least one server device for providing data and/or processes to support a 
transaction using the at least one client device, said transaction including verification of 
authorisation data; 

wherein the at least one client device is adapted to receive a first part of the authorisation 
data via its input and the apparatus is adapted to store a second part of the authorisation 
data. 



20 



25 



The mobile device may have an input and an output for the first part of the authorisation 
data and only transient, if any, storage capability for storing said first part in the course of 
a transaction. Thus, the first part of the authorisation data is not stored on the mobile 
device for any length of time but can be entered by a user in real time for immediate 
30 transmission to the apparatus. Use of such payment apparatus means that theft and 
analysis of a mobile device cannot, on its own, enable a fraudulent transaction. 
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The apparatus may in practice store the second part of the authorisation data in any 
appropriate way. For example, the server device might send it to be stored in a database, 
local or remote, or use its own hard disc drive. 

In the context of this specification, a client device and a server device are devices which 
each provide at least one respective software process. The client software process is 
adapted to make a service request to the server software process and the server software 
process is adapted to fulfil the request. Although both software processes could in 
practice be run on the same computing platform, it is usually more useful that the two 
software processes are run on separate computing platforms with a network connection 
between them. It is also usually the case that there is a plurality of client devices adapted 
to make service requests to a common service device, although there may be more than 
one server device. Peer to peer communications will usually include a client/server 
arrangement since each device will have both client and server software processes. 

The first part of the authorisation data may comprise for example a PIN which a user 
enters to a mobile device for transmission to one of the one or more client devices 
Alternatively, the first part of the authorisation data might comprise a PIN-specific code 
which the mobile device looks up on receipt of a valid PIN. The second part of the 
authorisation data may comprise financial data associated with that user, such as numbers 
for credit, debit, switch or store cards or bank accounts. 

In the context of the present invention, the client device(s) might each be incorporated in, 
or connected to, a point of sale terminal, while the at least one server device is provided 
on networked computing platform elsewhere, preferably in a secure, non-public location. 

Preferably, the second part of the authorisation data is not stored by a client device but is 
either stored by the at least one server device, or can be accessed by it, in fulfilling a 
service request from the client device(s). The second part of the authorisation data can 
thus be stored in a secure/non-public location. This can improve security since the client 
device is usually more vulnerable to theft or damage, particularly if physically located at a 
point of sale. 
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Preferably, the apparatus is provided with a mapping capability for mapping the first part 
of the authorisation data to the second part. This might be in the form of a data table, 
listing authorised first parts against appropriate second parts. An example would be a list 
of PINs, or PIN-specific code, mapped to financial data. One mobile device may be 
associated with more than one PIN, each being mapped directly or indirectly to a different 
set of financial data. Preferably, the mapping capability is provided by the at least one 
server device, and not a client device, for increased system security. 

The server device may itself be associated with a further client device so that it can fulfil 
a service request by initiating a further service request to another server device. This 
arrangement will be appropriate for example where a service request requires checks to be 
made with other systems such as credit checks with credit card or banking systems. 
Alternatively, the server device might have an associated data connection or remote query 
facility for querying other systems or databases. 

Conveniently, the one or more mobile devices might comprise handheld communication 
devices such as mobile telephones or personal digital assistants. 

Preferably, the connection for communicating with one or more mobile devices is 
wireless since this is generally more convenient for users. More preferably, the 
connection is a data connection, which is established without the user having to dial up 
since this takes time and would slow down a transaction. Preferably the data connection 
is short-range to avoid hacking or eavesdropping, such as an infrared (IR) connection 
with a range of 0.5 metres or less. 

Preferably, the mobile device itself has a unique identifier, such as a telephone number, 
associated with it. To provide improved security, the apparatus may be provided with 
validation means for validating the unique identifier prior to completing a transaction. 
For example, the client and/or server devices may be adapted to be triggered during a 
transaction, for example on receipt of the first part of the authorisation data, to request the 
unique identifier from the mobile device and to review it against validation data. In one 
arrangement, the client device might request the unique identifier and forward it to the 
server device which in turn forwards it to an external validation location such as a 
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network provider's database. If the mobile device has been reported stolen or damaged 
for example, the database may return an mvalidation report and the transaction can be 
terminated. 
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In the mapping capability mentioned above, it would be possible to replace or supplement 
the first part of the authorisation data (for example the PIN) with the unique identifier of 
the mobile device for mapping against the second part of the authorisation data. 

Preferably, the payment apparatus further comprises update means for updating data held 
on the one or more mobile devices. This can be used for example in the context of an 
authorised transaction to store an electronic version of cash on the mobile device. The 
authorised transaction might result in deduction of an amount from a user account, such 
as a credit card or bank account, and the recording of an amount as an available cash 
equivalent on the mobile device. The available cash equivalent could then be used in one 
or more subsequent unauthorised transactions. This supports an express payment method, 
which might be suitable for relatively low risk transactions, for example transactions 
having a low maximum value or taking place in a more generally secure environment 
such as an in-house system without public access. 

In an arrangement, which is particularly suitable to use in a supermarket or other self- 
service environment, the payment apparatus may further comprise a list processor for 
processing a list of items covered by a transaction. The processor might compile its own 
list from data received sequentially, for instance via a scanner, or might receive a 
compiled list from for instance a point of sale terminal. The compiled list may already be 
priced as received from the point of sale terminal, and/or the processor may have access, 
in use, to current pricing and/or discounting data to enable it to calculate a cost total for 
use in a transaction. The processor is also preferably adapted to communicate with or 
provide, a stock-keeping system to support automated updates. 

30 The payment apparatus might usefully be provided with a user data store and a user data 
maintenance process for storing and updating user data in the user data store. This allows 
the list processor to use user specific data in processing a list of items and thus supports 
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such things as loyalty schemes, in which a user might have a discount arising from their 
purchasing history. 

Preferably, the payment apparatus can be connected in use to a public network. Further, 
the payment apparatus might incorporate a receipt generator and a receipt generated in 
respect of a transaction can be sent over the public network to a network address stored in 
the user data store. Stored user data may also or instead be used by the receipt generator 
in generating a receipt. For example, stored user data may indicate a preference for 
layout of the receipt, such as special groupings of items or tax information. 



A user may wish different user data to be applied in different circumstances. This can be 
achieved by storing user data in association with respective identifiers for that user. As 
long as the payment apparatus is notified, for example by user input, as to which 
respective identifier applies to a transaction, it becomes possible for the payment 
15 apparatus to respond in different ways to different transactions for that user. For 
example, the user may wish different bank accounts to be debited for business and 
personal transactions, and/or receipts to be transmitted to different network addresses. 

According to a second embodiment of the present invention, there is provided a receipting 
20 system for use in a purchasing transaction, the system comprising: 

i) an input for receiving transaction information; 

ii) an input for receiving notice of payment in respect of a transaction; 

iii) a receipt generator for generating a receipt for a notified payment; 

iv) a data store for storing network addresses; and 

25 v) an interface to a network for transmitting a generated receipt to a network address, 
wherein each transaction has an associated identifier and the data store stores network 
addresses in association with transaction identifiers such that each generated receipt can 
be transmitted to a network address associated with the transaction giving rise to the 
generated receipt. 



In such a receipting system, at least one identifier associated with a transaction might 
usefully comprise a personal identification number. 
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Transaction information will generally comprise content for a receipt, such as a list of 
goods or services against amounts paid. 

The inputs for transaction information and for receiving notice of payment are not 
necessarily physically separate of course but receipt of information and notification will 
produce respective appropriate responses. 

According to a third embodiment of the present invention, there is provided a payment 
system for use in user transactions, each transaction giving rise to a price list for goods or 
services covered by the transaction, wherein each user has at least one associated 
identifier, the payment system comprising: 

i) a data store for storing user specific data in association with at least one of said 
identifiers; and 

ii) a price list processor for processing a price list arising from a transaction, 
wherein the system further comprises an input for receiving identifiers and the price list 
processor is adapted to process a price list arising from a transaction by applying user 
specific data from the data store, the user specific data being associated with an identifier 
received in relation to said transaction. 

Preferably in said payment system, at least one user has at least two associated identifiers 
and the data store, in use, stores different user specific data in association with each 
respective identifier associated with that user. 

(Any individual features described herein in relation to one embodiment are generally 
capable of use in another embodiment of the invention and thus an embodiment of the 
invention might comprise any combination of features described.) 

A point of sale transaction system will now be described as an embodiment of the present 
invention, by way of example only, with reference to the accompanying figures in which: 
Figure 1 shows a functional block diagram of the system and indicates schematically the 
data flows occurring in the system to support a transaction; 

Figure 2 shows a block diagram of multiple client devices connected to a server device 
for use in the transaction system; 



10 



15 



WO 2004/090819 PCT/GB2004/001626 

8 

Figure 3 shows internal and external connections for the server device as shown in Figure 
2, in use; and 

Figure 4 indicates schematically the data flows occurring in the system to support user 
information, receipting and discounting processes. 

Overview 

The point of sale transaction system might typically be used in a supermarket 
environment. An electronic shopping list is created on the system, according to user 
selections, either automatically for instance by a scanner mounted on a shopping trolley 
or more conventionally at the point of sale terminal. The user then uses a handheld 
device such as a mobile phone to initiate payment via the transaction system by entering a 
PIN. The PIN enables the system to use financial data such as a credit card number to 
carry out a transaction for the user. The PIN and the financial data provide first and 
second parts respectively of authorisation data used by the system to enable a transaction. 



The mobile phone itself carries no confidential data. The PIN is entered in real time by 
the user and the financial data is stored on, or accessible by, the transaction system. The 
transaction system can also process the shopping list to obtain a cost for the transaction, if 
necessary, and interface with both automated stock-keeping and customer relationship 
20 management systems. 

Referring to Figure 1, important components of the transaction system are a client device 
called the Tagboard box 100 which sits near the point of sale terminal 105, and a server 
device called the Tagboard server 110 which is located elsewhere, in a secure non-public 
25 environment. 

Interfaces 

Mobile phone 115 - Tagboard box 100: there are a number of ways to provide an 
interface and connection 120 between the user's mobile phone 115 and the Tagboard box 
30 100. A good way is to use a contactless card reader conforming to the protocol ISO 
(International Standards Organisation) standard 14443 (various types). Processes of the 
Tagboard box 100 can be written to treat this in the manner of a smart card interface and 
can read and write to the shared memory of the mobile phone 115. The reader can be 
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provided in a plastic rest, slightly larger than a phone and incorporating a polymeric or 
organic light emitting diode (PLED or OLED) for mimicking messages from the point of 
sale terminal 105. Messages that would be mimicked are the messages a point of sale 
terminal would normally send in a card transaction via a card reader of this type but are 
5 here being sent by the Tagboard box 100 to the shared memory of the mobile phone 115. 
A rest of this type can be incorporated into a cheque writing rest as already provided in 
many stores. 

Tagboard box 100 - point of sale terminal 105 and the Tagboard server 1 10: the 
10 Tagboard box 100 operates using a serial protocol and has wired connections 140, 145 to 
the point of sale terminal 105 and the Tagboard server 110. The connections can be for 
example a plug and socket, wire, fibre and/or cable connection. However, preferably, a 
TCP/IP converter is provided so that the Tagboard box 100 can use TCP/IP protocols in 
communicating with the point of sale terminal 105 and the Tagboard server 110. 

15 

Tagboard server 110: The Tagboard server 110 can communicate with the point of sale 
terminal 105 using TCP/IP. It also has: 

• one or more network connections 150 to internal and/or external finance systems 
125 for making payments and supporting the transfer of cash amounts to the 

20 mobile phone 115 

• a network connection 155 to a mobile device checkpoint 130 for checking 
whether the mobile phone 115 has been reported stolen 

• a network connection 160 to a data store such as a hard disc 135 for in-house data 
processing such as the stock-keeping and customer relationship management 

25 mentioned above. 

These connections are further discussed below with reference to Figure 3. 

Point of sale terminal 105: this has a standard interface and card reader and is not further 
discussed herein. 



30 



Prompts and Data Flow in a Transaction 

In this example, a shopping list of items covered by the transaction has been compiled in 
a conventional manner by a point of sale terminal 105. The point of sale terminal 105 
generates a prompt asking: 
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• Pay by cash? 

• Pay by card? 

• Pay by mobile? 

5 If either of the first two is selected, the transaction can be completed in a known manner. 
If "Pay by Mobile?" is selected, the point of sale terminal 105 establishes a link with the 
the Tagboard box 100 and sends the amount of the transaction. This triggers a message 
on the point of sale terminal 105: "Place phone on TBB reader". The Tagboard box 100 
can now communicate to shared memory in the telephone 115. At this point, the user has 
10 decided that payment is to be made via the Tagboard system. The Tagboard system 
includes a back-end transaction engine, which supports three types of payments, namely: 

1) Pre-payment (discussed below under the heading "Tagboard box: e-Wallet"); 

2) Card, preferably Chip and PIN (discussed below under the heading "2. Bank/Card 
Authorisation"); and 

15 3) Customised. 

In the "Customised" approach, the Tagboard system is designed to deal with any of 
several payment systems. For example, VISA have adopted a Chip & PIN approach; 
MasterCard have another approach as do AMEX. A Tagboard system can be customised 
20 to support all these approaches as well as non-EMV (electronic money verify) 
architectures, using the arrangements and processes further described below. 

Once payment is to be made via the Tagboard system and the telephone 115 is on the 
TBB reader, the Tagboard box generates a prompt on the telephone display: "Enter PIN". 
25 This PIN is the user's PIN, authorised for use of the Tagboard system. The following 
prompts and data flow now occur. 

Figure 1 shows four sets of communications along the various connections in the system 
which occur in making a payment transaction. The four sets of communications are as 
30 follows: 

1. PIN login 

2. Mobile handset validation by network provider 

3. Card authorisation 
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4. Transaction completion 
These are described in more detail below. 
1. PIN login and validations 

This function wakes up the mobile phone 115 within the shopping environment and 
checks the validity of the proposed transaction. As shown on Figure 1, the following 
steps are performed: 

la- the user enters a PIN to the mobile phone 115 which triggers the phone to perform 
a handshake with the Tagboard box 100. The Tagboard box 100 then requests the 
phone number from the phone 115 

lb- the Tagboard box 100 sends the PIN and the phone number to the Tagboard server 
110 

lc- the Tagboard server 110 checks that the PIN and the phone number match and that 
the phone number is a registered client and, if the check result is positive, sends 
the phone number to the network provider's system 130 (or other phone number 
validation means) 

Id- the network provider's system 130 establishes if the phone is valid and not 
reported stolen and sends a validation report to the Tagboard server 110 
As long as the PIN and the phone number match, the phone number is a registered 
dient and the validation report at Id was 'Valid', the Tagboard server 110 notifies 
the Tagboard box 100 using the message "PIN OK". (If the validation report at Id 
above is 'Invalid', then the Tagboard box 100 simply notifies the phone 115 and 
there will be no transaction unless a valid PIN is subsequently given) 
the Tagboard box 100 then notifies the telephone 115 and the point of sale 
terminal 105 using the message "Transaction OK". 



20 le- 



25 lf- 



At this point, the Tagboard box 100 also triggers display of the following menu at the 
telephone 115: 

30 ' Cash from the e- Wallet in the phone* 

• Switch card* 

• Credit card 

• Debit Card 
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Store card 

Internet bank account via WAP 



* with optional Cashback 

If the user selects to pay using cash from the e-Wallet in the telephone 115, the payment 
process is relatively simple since a "cash" credit has been entered to the telephone 115 
using a validated procedure (further discussed below under the heading "Tagboard box: 
e-Wallef) and the e-Wallet total can simply be decreased by the amount of the 
transaction as long as the transaction amount is not more than the e-Wallet total. 
However, if the user selects a card or bank account option, the following prompts and 
data flow occur. 



2. Bank/Card Authorisation 

15 If the user selects an option with optional Cashback, a message is displayed: "Cashback 
required?" and the user is prompted to enter the amount. 

2a- The amount is notified to the point of sale terminal 105 via the Tagboard box 100 
and the point of sale terminal 105 is requested by the Tagboard box 100 to send the 
shopping list to the Tagboard box 100. 
20 2b- the point of sale terminal 105 sends the shopping list to the Tagboard box 100 

2c- the Tagboard box 100 sends the list to the Tagboard server 110 (including any 

additional cash sum requested as "Cashback" as part of the final total) 
2d- the Tagboard server 110 logs the list onto its hard disc 135 

2e- the Tagboard server 110 issues a credit check request to an internal and/or external 
25 finance system 125 

3. Transaction Completion 

Once the credit check request has been processed, the Tagboard server 110 receives a 
notification from the finance system 125. If it is negative, the Tagboard server 110 may 
30 reissue the credit check request to different finance systems 125 in turn until a positive 
notification is received or there are no more finance systems 125 to query. If there are no 
more finance systems 125 to query, then the transaction will be terminated and a 
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cancellation message sent to the point of sale terminal 105 and optionally the phone 115, 
via the Tagboard box 100. Otherwise the following steps occur: 

3a- the finance system 125 sends positive notification to the Tagboard server 110 
5 3b- the Tagboard server 110 logs the positive notification to the hard disc 135 in 

respect of the relevant PIN and shopping list 
3c- the Tagboard server 110 then confirms 'transaction OK' to the Tagboard box 100 
3d- the Tagboard box 100 says 'transaction OK' to the point of sale terminal 105 
which then processes the transaction in the normal way of bank or card payment 
10 and notifies the Tagboard box 100 

3e- the Tagboard box 100 says 'transaction OK' to the phone 115 

The above describes a payment using a bank or card account. As described below under 
the heading "The Tagboard server 110", the Tagboard system stores a user's account 
15 details against a Tagboard PIN so that the system can query appropriate finance systems 
125 for the user. Such a system has the advantages that no physical card will be needed, 
since the details are stored on the Tagboard server 110 or mobile device 115 and the 
transaction rate via the Tagboard system can be faster. Money can thus be saved on card 
production. Further, it is relatively simple to design the Tagboard system so that a small 
charge is made to the user, for example for each transaction, and this charge can 
potentially be shared in a commercial arrangement for example with the retailer. 



20 



However, more organisations are moving to Chip & PIN payments for added security. 
The Tagboard system can equally well support Chip and PIN payments although there is 
25 a need for an additional prompt for the user to enter the PIN via the Handset 115. 
Otherwise, the transaction appears as a normal Chip & PIN transaction. 

If the user selects an Internet bank account, the process is slightly different in that, instead 
of Step 2e above, the user accesses their account Website directly from the telephone 115, 
30 using a Wireless Applications Protocol link. Once the user has accessed their account 
successfully, it is necessary to transfer funds from their Internet account to a target 
account held by the store or supermarket. Details of the target account could be entered 
manually to the telephone 115 for transfer to the account Website but it is preferably done 
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automatically via the Tagboard box 100. This can be achieved by a new Step 3a in which 
a positive notification can be notified to the Tagboard box 100, and thus to the Tagboard 
server 110, from the shared memory in the telephone 115, followed by Steps 3b and 3c as 
above. Step 3d is modified in that the Tagboard box 100 now says "transaction OK" to 
the telephone and delivers the target account details to the telephone for onward delivery 
to the user's account Website - Step 3e. Once the user's account has been debited and 
the telephone 115 receives confirmation from the account Website, this is passed to the 
Tagboard box 100. 



10 In the arrangement for debiting an Internet account described above, there is no advance 
confirmation that the transaction will go through successfully, as there is with the 
conventional bank/card arrangements described earlier. If the transaction fails, the 
telephone 115 will receive a failure message from the account Website. In this 
circumstance, Step 3b needs to be reversed. On receipt of a failure message, the 

15 telephone 115 notifies the Tagboard box 100 which in turn notifies the Tagboard server 
110. The Tagboard server 110 cancels the positive notification to the hard disc 135 
previously sent in Step 3b. 



The Tagboard box 100 

20 Referring to Figure 2, each point of sale terminal 105 has a Tagboard box 100 connected 
to it. The Tagboard box 100 controls all interactions between the mobile device 115, the 
point of sale terminal 105 and the Tagboard server 110. 

Tagboard box: e-Wallet 
25 An interesting aspect of the transaction system is the e- Wallet pre-payment system in 
which the user can purchase a cash amount, for instance £50, from a retailer. This 
amount is set up on the Tagboard Server 110 and decremented as the user uses the 
balance via the mobile device 115. (Alternatively, the e-Wallet functionality can be 
provided at the mobile device 1 15.) 

30 

A money amount can be authorised and credited to an e-Wallet total at any time but it 
might also be requested as a "Cashback" service by the user at the time of making a 
purchase at the point of sale terminal 105. An operator enters the request to the point of 
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sale terminal in a conventional manner and it is added to the shopping list compiled in 
known manner by the point of sale terminal 105. It will thus be funded by the customer 
in the same way as the rest of the shopping list, via the Tagboard server 110. 

5 The Tagboard system can be designed to earn a small margin on each decrement of the e- 
Wallet amount. 

Cashback might be delivered physically to the customer from the point of sale terminal 
105. However, the e-Wallet process 200 provided by the Tagboard box 100 enables cash 
to be delivered to the mobile device 115 electronically. This has the advantage that the 
point of sale terminal can carry less, or even in some circumstances zero, cash and thus 
improve security. The e-Wallet process 200 could for instance be triggered by a 
Cashback code in the shopping list received by the Tagboard box 100 from the point of 
sale terminal 105, or by a specific Cashback alert issued by the point of sale terminal 105. 



10 
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Where the e-Wallet process is provided on the mobile device 115, it is necessary that the 
mobile device 115 has means for recording a cash amount in response to an authorised 
transaction and for subsequently debiting it in response to one or more further 
transactions. This might be provided for example by the use of a card in the mobile 
device 115 which can be written to by the e-Wallet process 200 in the Tagboard box 100, 
for example a flash memory card or the known "Universal Subscriber Identity Module" 
(USIM). The further transactions in these circumstances have the major advantage that 
they can be unauthorised and therefore potentially very quick since the cash has been 
funded by the user in the initial transaction. The e-Wallet process 200 in general 
25 therefore is adapted to respond to an authorised transaction by increasing the recorded 
cash amount on the card and to respond to an unauthorised transaction by decreasing the 
recorded cash amount. 

(It will be understood that the above e-Wallet process only applies for use with 
30 embodiments of the present invention and is not a universal mechanism such as the 
Mondex system.) 
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In supporting unauthorised transactions, the processes for "2. Bank/Card Authorisation" 
and "3. Transaction Completion" described above can be considerably reduced since 
there is no longer a need to refer to an internal and/or external finance system and the 
Tagboard server 110 is only used for record keeping. Thus Step 2e, the credit check 
5 request by the Tagboard server 110 to an internal and/or external finance system, can be 
deleted. In "3. Transaction Completion", Steps 3a to 3c are also deleted, being 
replaced by a step in which the e-Wallet process 200 in the Tagboard box 100 attempts to 
delete the shopping list cost total from the card in the mobile device 115. If the total is 
insufficient, this fails and the e-Wallet process 200 notifies the point of sale terminal 105, 
10 the Tagboard server 110 and the mobile device 115. 

The Tagboard server 110 

Referring to Figure 3, the connections and processes of the Tagboard server 110 are 
shown in more detail than in Figure 1. In practice, the connections 150, 155 (shown in 
15 Figure 1) to external finance systems 125 and to the mobile device checkpoint 130 are 
provided over a link 320 (shown in Figure 3) to a public network such as the Internet or a 
telephone network. The Tagboard server 110 is also connected locally, for instance via a 
Local Area Network (LAN) 315, to other internal elements of the transaction system, 
such as the hard disc 135 and software and data supporting a store card 325 and an 
intermediary banking system 330. The LAN 315 might also provide the connections 145, 
140 to the Tagboard boxes 100 and the point of sale terminals 105 and support TCP/IP 
protocols. 
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It should be noted that the location of the various processes run by the Tagboard server 
110 may be on the server 110 or elsewhere. In Figure 3, some processes such as the user 
information process 345 are shown on the server 110 and some processes such as the 
receipt generator 350 are shown separately from the server 110, connected to it over the 
LAN 315. This distribution and network arrangement is not important however and is 
likely to depend in practice on local (or even remote) availability of processing capacity. 

In known manner, the Tagboard server 110 might itself be provided with a client device 
(not shown) for requesting data or services from an internal or external server device (not 
shown). This may be the arrangement for example where internal or external finance 
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3ard server 110, in a further 
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arrangement, to fulfil a request from the Tagboard box 100. 

The Tagboard server 110 maintains data on the hard disc 135 enabling it to connect to 
various external financial systems to make credit checks and to debit funds in making a 
transaction. For instance, it will carry the telephone numbers of credit card systems such 
as VISA and Mastercard and the Web addresses of Internet banking systems. It will also 
carry the number or address of one or more services 130 for validating the phone numbers 
of mobile devices 115 (not shown in Figure 3) initiating a transaction. An 
authorisation/vaUdation process 355 is provided for making the various checks, 
maintaining and updating data on the hard disc and interacting with external systems as 
necessary. 

The Tagboard server 110, using the authorisation/vaUdation process 355, manages the 
second part of the authorisation data necessary for a user to make a payment transaction. 
That is, it stores one or more PINs for each registered user of the system, and provides a 
mapping capability for mapping PINs to financial data such as credit and store card 
numbers. Preferably, it also stores at least one email or SMS (Short Message Service) 
address for each user for use in receipt delivery and marketing alerts, further mentioned 
20 below. This data is stored on the hard disc 135 in a user data store or user information 
store, maintained by a user data maintenance process 345 further discussed below. 

Instead of one or more PINs for each user, the Tagboard server 110 may store the user's 
mobile device telephone number mapped to the financial and contact data. However, this 
reduces flexibility since the use of multiple PINs allows each user to register more than 
one financial or contact "profile" with the transaction system. For example, a business 
user might wish to use a business account for transactions in an IT (Information 
Technology) department of a store and a personal account for transactions in the food 
department of the store. The use of multiple PINs also allows more than one user to use a 
30 shared mobile device 115 to access their own respective financial and contact data. 

It is also possible for the PIN to be validated by the mobile device rather than transmitting 
the PIN to the server 110, thus reducing a security risk associated with transmitting the 
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PIN. In order to maintain flexibility, the mobile device 115 could then transmit not the 
PIN itself but a validation signal randomly assigned to the PIN. For example, where the 
PIN is "1234", the mobile device 115 could transmit "Vfgh", which notifies the server 
110 that the PIN has been validated and also delivers a PBST-specific code which can still 
5 be mapped to the financial and contact data. 

An important feature of the user "profile", whether mapped to a PIN or a telephone 
number or both, is that the user can list sources of funds in a preferred order. This allows 
the Tagboard server 110 to scan through the list until a sufficient balance is found to 
10 complete a payment. 

Tagboard server 110: list processor 300 

The Tagboard server 110 is also provided with a software process, which is the list 
processor 300. As described above, during a transaction the point of sale terminal 105 
15 compiles a shopping list which is then sent to the Tagboard server 110 via the Tagboard 
box 100. The compiled list may already be priced as received from the point of sale 
terminal 105. However, a powerful aspect of list processing by the Tagboard server 110 
is that the list processor 300 may have access, in use, to current pricing and/or discounting 
data to enable it to recalculate a cost total for use in a transaction. The pricing and/or 
discounting data might be applicable across all transactions. Alternatively, it might be 
user-specific. Because the Tagboard server 110 manages user records in a user data store 
on the hard disc 135, it can also apply user-specific discounts. Thus if the relevant user 
has a store card, or is entitled to other forms of discount such as a loyalty discount, this 
can be flagged in the user data store against one or more identifiers for the user. The list 
25 processor 300 refers to the user data store to check if there is a relevant flag. If so, it 
refers to the current pricing and/or discounting data to enable the Tagboard server 110 to 
apply suitable prices or discounts prior to closing a transaction. 

Additionally, again because the Tagboard server 110 manages user records in a user data 
30 store on the hard disc 135, it is able to provide transaction receipts which are customised 
for the user and/or a particular service being provided. These can be transmitted to the 
user separately from the immediate transaction, for instance by email, and are further 
discussed below. 
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The list processor 300 is also preferably connected to a stock-keeping system (not shown) 
to support automated updates. Stock-keeping systems are generally known and therefore 
not further described herein. 

Tagboard server 110: current pricing and discounting system 335 
To enable a current pricing and discounting system as described, there may be a current 
pricing and discounting software process 335 connected to. the LAN 315 which carries 
rules or algorithms for calculating such things as loyalty discounts. This process 335 may 
interact with user profiles stored in the user data store on the hard disc 135 to maintain a 
user-specific discounting facility. To enable this, the processes for «2. Bank/Card 
Authorisation" and "3. Transaction Completion" described above need to be expanded 
as follows. After 2d (Tagboard server 110 logs the shopping list onto its hard disc 135), 
there will be an additional step in which the Tagboard server 110 accesses a user profile 
on the hard disc 135 to check whether there are relevant user discounts. If not, no further 
action is required. However, if there are relevant user discounts, the Tagboard server 110 
amends the pricing applied to the shopping list, logs the amendments, and only then 
issues a credit check to a finance system 125. If a positive notification is received, the 
existing steps of "3. Transaction Completion" are carried out, but now including using 
the current pricing and discounting system 335 to review the updated transaction records 
for the user profile to see if a requirement has been met for a further discount or a change 
to an existing discount. If such a requirement has been met, the user profile is now 
updated accordingly so that the next transaction will be subject to appropriate discounts. 

25 A process to support discounting in use is further described under the heading "6. List 
processing to apply discounting" below. 
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Tagboard server 110: alerts and transaction receipts 

The Tagboard server 110 is provided with an email and/or SMS capability 310. This 
enables it to contact registered users by email or text messaging. The email facility can 
be used in conjunction with a user information application 345 (also referred to herein as 
the user data maintenance process 345) to send transaction receipts to the user, rather than 
or as well as issuing paper receipts at the point of sale, and/or to communicate with the 
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user more generally, for instance to alert the user to suitable special offers (selected for 
instance by reference to the user profile in the user data store on the hard disc 135). In a 
service of this sort, the transaction receipts are preferably presented in "plain English" 
and can be customised for example by preferred grouping of goods on the receipt or the 
presence or absence of tax information. 

A process to support user-specific receipting in use is further described under the heading 
"5. Transaction Receipts" below. 

This notification capability can potentially be extended by use of known tools such as 
Wayfinder, available from Wayfinder Systems AB, which works by connecting over the 
Internet to a server which plans and returns the routing instructions. This map server also 
has access to digital mapping and can send maps to the mobile phone allowing your 
current position to be plotted on the phone's screen. This uses a global positioning system 
and is capable of giving navigational aids within a current cell where the mobile device 
115 is active. Global positioning is sufficiently accurate that this can be done in real time, 
while die user is in store, so that they can be directed to special offers within the store. 
The system can also answer user queries, which is useful in large stores if the user needs 
direction to particular goods. 



20 



Navigational aids and special offers can be delivered to the mobile device 115 using the 
short range wireless connection 120. The user would usually have their mobile device 
connected to the public network and thus SMS or email could be used but, if security 
were an issue, delivery could be made using a local function and/or a private network 
25 operating solely in the local environment. 

T agboard server 110: intermediary banking system 330 

An intermediary banking system 330 is mentioned above. An intermediary banking 
licensee is a person or organisation licensed by the Central Bank of a designated country, 
30 for example the Bank of England in the UK, to accept, keep in deposit, or help invest or 
transfer assets belonging to third parties. Such a licence is known for instance as a 
"Deposit Taking Licence". 
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In the context of the present invention, the intermediary banking system 330 is a system 
provided by an intermediary banking licensee to give access to existing banking facilities 
for non-banking third parties to use in marketing their own brand. The system 330 
provides a "Back-Office", which is run by the intermediary licensee and a "Front-Office", 
which is run by the brand owner. The Back-Office therefore has a connection 340 to the 
public network 305 for communication with banking providers and the Front-Office is 
connected to the LAN 315 for interaction with users via the Tagboard box 100. The 
intermediary system 330 can be designed to provide services such as own branded cards, 
bank statement automation such as itemised transactions, server farms and call centres. 

User-specific data 

Reference is made above in several instances to user-specific data, or user profiles, held 
on the hard disc 135 and maintained for instance by the user information process 345 
and/or the shopping list processor 300 on the Tagboard server 110. The type of user- 
specific data held and maintained can of course be modified but to support the various 
arrangements described above, the user-specific data would comprise at least the 
following: 

• PINs or telephone numbers mapped to financial data for use in authorisation of 
transactions 

20 • Ordered list of funds such as credit and bank accounts for use in authorising 

transactions, possibly sorted according to type of goods 

• Email or SMS addresses for receiving transaction receipts and special offers 

• Membership of loyalty or other card schemes, and/or subscriptions to services 

• Transaction records for use in calculating user-specific discounts such as loyalty 
25 discounts 

• Receipt customisation such as layout and grouping of goods listed 

• Interests in special offers on particular goods 

In any process involving the user-specific data held on the hard disc 135, it will usually be 
30 the user information application 345 which accesses or updates the data. Therefore in the 
"3. Transaction Completion" process described above, it is the user information 
application 345 which carries out steps 3b and 3c, logging a positive notification to the 
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hard disc 135 in respect of the relevant PIN and shopping list and confirming "OK" to the 
Tagboard box 100. 



Referring to Figure 4, there are two further sets of communications which occur and 
5 which particularly involve the user-specific data held on the hard disc 135. These occur 
in support of action by the user information application 345 to send transaction receipts to 
the user and in support of action by the list processor 300 to apply current pricing and/or 
discounting data and are further described below: 

10 5. Transaction Receipts 

If the user has subscribed to the appropriate service for transaction receipts to be sent to a 
specified network address, the user information application 345 will have recorded the 
fact against the user's PIN on the hard disc 135 and will also have recorded the specified 
address. The following steps will occur to support such a service, after "3. Transaction 
15 Completion" has occurred as described above, as shown in Figure 4: 

4a- the user information application 345 checks for a specified address for receipt 
delivery against the PIN received for the transaction 

4b- the user information application 345 checks for a receipt layout preference against 
20 the PIN received for the transaction 

4c- if either an address or a layout preference is stored against the PIN, the user 
information application 345 initiates receipt generation by the receipt generator 350, 
including delivery of the logged shopping list since this contains data for use as receipt 
content 

25 4d- a generated receipt is sent to the specified address, if present, or to the point of 
sale terminal 105 via the Tagboard box 100 where it can be printed for the user. 

It should be noted that a receipting system as described above can be used independently 
of other aspects of the present invention and that an embodiment of the present invention 
30 might therefore comprise the receipting system. 



A receipt generator 350 suitable for use in the receipting system could be designed 
relatively simply, having for instance a set of available layouts and sorting criteria 
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selectable by the user via a form input or the like. Available layouts may include/exclude 
a tax component such as value added tax in the UK and may offer subtotals for goods and 
services in user-selectable categories. 



5 6. List processing to apply 

The following steps will occur to support discounting, after step 2d in which the Tagboard 
server 110 (represented by the user information application 345) logs the list onto its hard 
disc 135 as described above, as shown in Figure 4: 

10 5a- the list processor 300 checks with the current pricing and discounting system 335 
for the presence of current pricing and discounting rules which relate to the transaction 
5b- the list processor 300 triggers the user information application 345 to check for 
user-specific discounts indicated against the PIN received for the transaction 
5c- if either check returns a positive result, the list processor 300 processes the list to 

15 apply the rules or discount and recalculates a cost total 

5d- the list processor 300 logs the processed list onto the hard disc 135 as a transaction 
record against the PIN for the current transaction and returns the processed list to the 
tagboard box 100 for notification to the point of sale terminal 105 
5e- the list processor 300 alerts the user information process 345 
20 5f- the user information process 345 reviews the transaction records logged against 
the PIN for the current transaction, using a discounting rule or algorithm for a service the 
PIN is registered against, and up-dates the user-specific discounts indicated against the 
PIN if the latest transaction triggers a change, for instance because a threshold quantity 
has been passed. 
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It should be noted that a payment system having a list processor as described above can 
be used independently of other aspects of the present invention and that an embodiment 
of the present invention might therefore comprise such a payment system. 

The current pricing and discounting system 335 is not necessarily provided in the 
Tagboard server 110 environment but may already be present as part of a pricing system 
supporting the point of sale terminals 105. If that's the case, then step 5a may not be 
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necessary since the shopping list delivered to the Tagboard server 110 may already reflect 
current pricing and discounting. 

Security 

Referring to Figures 1 and 3, in general, security is provided in embodiments of the 
present invention by avoiding the storage of authorisation data on the mobile device 115. 
Additionally, communication between the mobile device 115 and the system, via the 
Tagboard box 100, is done using a short-range connection such as infrared. It is however 
possible to add capabilities in both areas, such as the use of encryption, fuller use of the 
USIM on the mobile device 115 and support for Bluetooth and long range infrared 
communication. 



For added security, reporting messages such as email or SMS, can be sent to a different 
device from the mobile device 115 used at the time of a transaction. This can be 
15 implemented via the user profiles stored on the hard disc by the Tagboard server 110. 

The Tagboard server 110 itself, and processes and data associated with it such as the 
current pricing and discount system 335, carry confidential information and are therefore 
preferably located in a secure location. Both the Tagboard server 110 and the 
20 Intermediary banking system 330 have a link 320, 340 to at least one public network 305, 
such as the Internet and/or a telecommunications network, and they are therefore 
protected by a firewall and equipped to encrypt data. 

Additional Aspects of Implementation 

25 Embodiments of the present invention can be used with a variety of mobile devices 115 
relying generally on mobile wireless telemetry. For example, the mobile device 115 
might be embodied as a mobile phone, a personal digital assistant or the like. It only 
requires a communication capability such as a short-range infrared port to communicate 
with the Tagboard box 100 and the means for a user to input the first part of the 

30 authorisation data, such as a PIN. Preferably however, the mobile device 115 also has 
memory of some sort, suitable for supporting the e-WaUet facility. Where the device 115 
is a mobile phone, it might be third generation enabled, such as UMTS (Universal Mobile 
Telecommunications System), or any later technology to be developed, and it might 
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communicate with a public network by any available means such as Mobitex or satellite. 
(Mobitex is an International Standard 12.5kHz narrow band radio technology, which is 
data only.) 

5 Although any suitable form of software can be used, an embodiment of the invention can 
be based on a Java based (J2EE / J2ME) architecture, and might also benefit from use of a 
known "M-Commerce" payments system and an EMV architecture for encryption. M- 
Commerce payments systems are known and not further described herein. Europay, 
MasterCard and Visa collaborated in early 1996 to produce the EMV specifications that 
10 define an international, open encryption standard to allow safe, easy electronic commerce. 
The specifications are publicly available. EMV may be used in embodiments of the 
present invention where encryption is beneficial. EMV is not further described herein. 

Java is a known software language and environment developed by Sun Microsystems Inc. 

15 The "Java 2" Platform provides robust end-to-end solutions for networked applications as 
well as a trusted standard for embedded applications. It includes three editions: the 
Enterprise edition J2EE, the Standard edition J2SE and the Micro edition J2ME. The 
high-level architecture of a Java wireless enterprise application, applicable to 
embodiments of the present invention, is similar to that of a canonical J2EE application. 

20 However, Java tends to use relatively high memory capacities. 

Aternative languages that might be used in embodiments of the invention include object- 
oriented languages such as "Of" by Microsoft. This provides the computing power of 
the C++ language and the ease of use of Microsoft's Visual Basic language. 

25 

Potential uses of embodiments of the invention 

Embodiments of the invention can be used wherever there is purchase of goods or 
services and thus might be used in the following scenarios: 

• Supermarket shopping 
30 • Duty free shopping 

• Automated car parking 

• ATM cash withdrawal 

• 3 rd Party payments 
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• Electronic Metering 

• 24 hour convenience retailing 

• Kiosk banking 

• Payment for sundry items, vending machines 
5 • Secure safekeeping of hard currency 

• Foreign Exchange 

• Congestion Charging 

• Airline, Train, Ferry ticket dispensing 

10 It will be noted that as well as cash tills in supermarkets, the point of sale terminal 105 in 
embodiments of the invention may also be embodied as an ATM, a vending machine, or 
indeed any of a range of equipment for dispensing goods or services. 

The functionality of embodiments of the invention generally covers the following aspects: 
15 • Payments interfacing to credit, debit, switch, intermediary or other financial systems 

• Provision of cash equivalent for unauthorised transactions 

° Mobile phone interface with the PoS, Till, ATM or Dispenser 

• Server transactions 

• Receipt processing and customised delivery 
20 • Shopping list processing 

• Information service 

Embodiments of the present invention have several benefits such as providing systems 
which support and develop brand loyalty while simplifying the overall shopping process 
25 and improving security for the user and vendor. 

It should be noted that, for the purposes of the present specification, the word 
"comprising" is intended to be interpreted, unless the context indicates otherwise, so as to 
include for instance at least the meaning of either of the following phrases: "consisting 
30 solely of and "including amongst other things". 



It will be understood that embodiments of the present invention may be supported by 
platform of various types and configurations. The presence of the platform is not 
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essential to an embodiment of the invention. An embodiment of the present invention 
might therefore comprise software recorded onto one or more data carriers, or embodied 
as a signal, for loading onto suitable platform for use. 



